Machine learning-driven intrusion detection for Contiki-NG-based IoT networks exposed to NSL-KDD dataset

Wide adoption of Internet of Things (IoT) devices and applications encounters security vulnerabilities as roadblocks. The heterogeneous nature of IoT systems prevents common benchmarks, such as the NSL-KDD dataset, from being used to test and verify the performance of different Network Intrusion Detection Systems (NIDS). In order to bridge this gap, in this paper, we examine specific attacks in the NSL-KDD dataset that can impact sensor nodes and networks in IoT settings. Furthermore, in order to detect the introduced attacks, we study eleven machine learning algorithms and report the results. Through numerical analysis, we show that tree-based methods and ensemble methods outperform the rest of the studied machine learning methods. Among the supervised algorithms, XGBoost ranks the first with 97% accuracy, 90.5% Matthews correlation coefficient (MCC), and 99.6% Area Under the Curve (AUC) performance. Moreover, a notable research finding of this study is that the Expectation-Maximization (EM) algorithm, which is an unsupervised method, also performs reasonably well in the detection of the attacks in the NSL-KDD dataset and outperforms the accuracy of the Naive Bayes classifier by 22.0%.